Zone Alarm issue - possible trojan?

mark_b

I have been using Eraser for many years -- great program. Recently, my computer (as well as a number of others at my workplace) was hit by a series of trojans. As part of my response, I installed the Zone Alarm firewall (our IT department had de-activated the Windows firewall, which was part of the reason so many computers were infected once the first trojan hit).

Now that I have installed Zone Alarm, I frequently get alerts from Zone Alarm that "Eraser" wants to access the Internet. This occurs occasionally on system startup, and also whenever I try to erase a file. Is this normal behavior? If so, why is Eraser checking the Internet so frequently? Is there a way to stop it? If the behavior is not normal, is it possible that one of the trojans has replaced or infected the Eraser executable?

Thanks for any info!

--Mark
 
This is well documented on the forum; search on 'root certificates'. Eraser is using a Windows function to do a security check. Once the root certificates are validated, the check does not need to be performed again until they expire. And no, it isn't a Trojan. Security software vendors are doing themselves no favours with all the false positives they generate.

David
 
Thanks for the quick reply. I had no context on which to search the forums other than "Zone Alarm" or "firewall," neither of which turned up anything. ZoneAlarm said nothing about checking for "root certificates." It only asked me whether I wanted to allow Eraser to contact the Internet. It seemed odd that a file utility would constantly seek Internet access .... in ZA's defense, it did recommend I allow the access. But I was a little paranoid after my last experience....
 
I do understand. Actually, this is a point on which, I discover, users are left a bit high and dry at the moment.

I thought we had a reference to this in the 'sticky' FAQ, but we don't; I'll remedy that omission in the next few days. Also, it's a bit unfortunate that the Windows function simply forwards the call from Eraser, so it is not clear to the user what is going on; there is clearly a difference in users' minds between something that is organised and implemented officially by Microsoft (which root certificates most certainly are) and some random application trying to call home for the user knows not what reason.

User caution (I would not call it paranoia) about uncommanded net access is entirely proper, and it is right that security programs draw attention to such access. What annoys me is that security program vendors seem to pay much less attention to the public relations aspects than to the technicalities of what they are doing. If a virus or whatever is picked up on a signature, that is likely to be a fair cop. But most of the false positives come from the heuristics which, by their nature, can never be 100% accurate; if this were admitted in the messages displayed, and users were advised to exercise judgement rather than block a program instantly, there would be a great deal less angst and hassle all round. The security software I use (Kaspersky) has already moved in this sensible direction; programs it picks up are now described as 'potentially harmful', and one of the options users are invited to choose from is, 'I trust this program'. We need more of that approach.

David
 